npm - @theqrl/dilithium5 - Versions diffs - 0.0.9 → 0.1.0 - Mend

@theqrl/dilithium5 0.0.9 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/src/polyvec.js DELETED Viewed

@@ -1,248 +0,0 @@
-const {
-  Poly,
-  polyAdd,
-  polyCAddQ,
-  polyChkNorm,
-  polyDecompose,
-  polyInvNTTToMont,
-  polyMakeHint,
-  polyNTT,
-  polyPointWiseMontgomery,
-  polyPower2round,
-  polyReduce,
-  polyShiftL,
-  polySub,
-  polyUniform,
-  polyUniformEta,
-  polyUniformGamma1,
-  polyUseHint,
-  polyW1Pack,
-} = require('./poly.js');
-const { CRHBytes, K, L, PolyW1PackedBytes, SeedBytes } = require('./const.js');
-class PolyVecK {
-  constructor() {
-    this.vec = new Array(K).fill().map((_) => new Poly());
-  }
-}
-class PolyVecL {
-  constructor() {
-    this.vec = new Array(L).fill().map((_) => new Poly());
-  }
-  copy(polyVecL) {
-    for (let i = L - 1; i >= 0; i--) {
-      this.vec[i].copy(polyVecL.vec[i]);
-    }
-  }
-}
-function polyVecMatrixExpand(mat, rho) {
-  if (rho.length !== SeedBytes) {
-    throw new Error(`invalid rho length ${rho.length} | Expected length ${SeedBytes}`);
-  }
-  for (let i = 0; i < K; ++i) {
-    for (let j = 0; j < L; ++j) {
-      polyUniform(mat[i].vec[j], rho, (i << 8) + j);
-    }
-  }
-}
-function polyVecMatrixPointWiseMontgomery(t, mat, v) {
-  for (let i = 0; i < K; ++i) {
-    polyVecLPointWiseAccMontgomery(t.vec[i], mat[i], v);
-  }
-}
-function polyVecLUniformEta(v, seed, nonce) {
-  if (seed.length !== CRHBytes) {
-    throw new Error(`invalid seed length ${seed.length} | Expected length ${CRHBytes}`);
-  }
-  for (let i = 0; i < L; i++) {
-    polyUniformEta(v.vec[i], seed, nonce++);
-  }
-}
-function polyVecLUniformGamma1(v, seed, nonce) {
-  if (seed.length !== CRHBytes) {
-    throw new Error(`invalid seed length ${seed.length} | Expected length ${CRHBytes}`);
-  }
-  for (let i = 0; i < L; i++) {
-    polyUniformGamma1(v.vec[i], seed, L * nonce + i);
-  }
-}
-function polyVecLReduce(v) {
-  for (let i = 0; i < L; i++) {
-    polyReduce(v.vec[i]);
-  }
-}
-function polyVecLAdd(w, u, v) {
-  for (let i = 0; i < L; ++i) {
-    polyAdd(w.vec[i], u.vec[i], v.vec[i]);
-  }
-}
-function polyVecLNTT(v) {
-  for (let i = 0; i < L; ++i) {
-    polyNTT(v.vec[i]);
-  }
-}
-function polyVecLInvNTTToMont(v) {
-  for (let i = 0; i < L; ++i) {
-    polyInvNTTToMont(v.vec[i]);
-  }
-}
-function polyVecLPointWisePolyMontgomery(r, a, v) {
-  for (let i = 0; i < L; ++i) {
-    polyPointWiseMontgomery(r.vec[i], a, v.vec[i]);
-  }
-}
-function polyVecLPointWiseAccMontgomery(w, u, v) {
-  const t = new Poly();
-  polyPointWiseMontgomery(w, u.vec[0], v.vec[0]);
-  for (let i = 1; i < L; i++) {
-    polyPointWiseMontgomery(t, u.vec[i], v.vec[i]);
-    polyAdd(w, w, t);
-  }
-}
-function polyVecLChkNorm(v, bound) {
-  for (let i = 0; i < L; i++) {
-    if (polyChkNorm(v.vec[i], bound) !== 0) {
-      return 1;
-    }
-  }
-  return 0;
-}
-function polyVecKUniformEta(v, seed, nonce) {
-  for (let i = 0; i < K; ++i) {
-    polyUniformEta(v.vec[i], seed, nonce++);
-  }
-}
-function polyVecKReduce(v) {
-  for (let i = 0; i < K; ++i) {
-    polyReduce(v.vec[i]);
-  }
-}
-function polyVecKCAddQ(v) {
-  for (let i = 0; i < K; ++i) {
-    polyCAddQ(v.vec[i]);
-  }
-}
-function polyVecKAdd(w, u, v) {
-  for (let i = 0; i < K; ++i) {
-    polyAdd(w.vec[i], u.vec[i], v.vec[i]);
-  }
-}
-function polyVecKSub(w, u, v) {
-  for (let i = 0; i < K; ++i) {
-    polySub(w.vec[i], u.vec[i], v.vec[i]);
-  }
-}
-function polyVecKShiftL(v) {
-  for (let i = 0; i < K; ++i) {
-    polyShiftL(v.vec[i]);
-  }
-}
-function polyVecKNTT(v) {
-  for (let i = 0; i < K; i++) {
-    polyNTT(v.vec[i]);
-  }
-}
-function polyVecKInvNTTToMont(v) {
-  for (let i = 0; i < K; i++) {
-    polyInvNTTToMont(v.vec[i]);
-  }
-}
-function polyVecKPointWisePolyMontgomery(r, a, v) {
-  for (let i = 0; i < K; i++) {
-    polyPointWiseMontgomery(r.vec[i], a, v.vec[i]);
-  }
-}
-function polyVecKChkNorm(v, bound) {
-  for (let i = 0; i < K; i++) {
-    if (polyChkNorm(v.vec[i], bound) !== 0) {
-      return 1;
-    }
-  }
-  return 0;
-}
-function polyVecKPower2round(v1, v0, v) {
-  for (let i = 0; i < K; i++) {
-    polyPower2round(v1.vec[i], v0.vec[i], v.vec[i]);
-  }
-}
-function polyVecKDecompose(v1, v0, v) {
-  for (let i = 0; i < K; i++) {
-    polyDecompose(v1.vec[i], v0.vec[i], v.vec[i]);
-  }
-}
-function polyVecKMakeHint(h, v0, v1) {
-  let s = 0;
-  for (let i = 0; i < K; i++) {
-    s += polyMakeHint(h.vec[i], v0.vec[i], v1.vec[i]);
-  }
-  return s;
-}
-function polyVecKUseHint(w, u, h) {
-  for (let i = 0; i < K; ++i) {
-    polyUseHint(w.vec[i], u.vec[i], h.vec[i]);
-  }
-}
-function polyVecKPackW1(r, w1) {
-  for (let i = 0; i < K; ++i) {
-    polyW1Pack(r, i * PolyW1PackedBytes, w1.vec[i]);
-  }
-}
-module.exports = {
-  polyVecLUniformEta,
-  polyVecLUniformGamma1,
-  polyVecLReduce,
-  polyVecLAdd,
-  polyVecLNTT,
-  polyVecLInvNTTToMont,
-  polyVecLPointWisePolyMontgomery,
-  polyVecLPointWiseAccMontgomery,
-  polyVecLChkNorm,
-  polyVecKUniformEta,
-  polyVecKReduce,
-  polyVecKCAddQ,
-  polyVecKAdd,
-  polyVecKSub,
-  polyVecKShiftL,
-  polyVecKNTT,
-  polyVecKInvNTTToMont,
-  polyVecKPointWisePolyMontgomery,
-  polyVecKChkNorm,
-  polyVecKPower2round,
-  polyVecKDecompose,
-  polyVecKMakeHint,
-  polyVecKUseHint,
-  polyVecKPackW1,
-  polyVecMatrixPointWiseMontgomery,
-  PolyVecL,
-  PolyVecK,
-  polyVecMatrixExpand,
-};

package/src/reduce.js DELETED Viewed

@@ -1,25 +0,0 @@
-const { Q, QInv } = require('./const.js');
-function montgomeryReduce(a) {
-  let t = BigInt.asIntN(32, BigInt.asIntN(64, BigInt.asIntN(32, a)) * BigInt(QInv));
-  t = BigInt.asIntN(32, (a - t * BigInt(Q)) >> 32n);
-  return t;
-}
-function reduce32(a) {
-  let t = (a + (1 << 22)) >> 23;
-  t = a - t * Q;
-  return t;
-}
-function cAddQ(a) {
-  let ar = a;
-  ar += (ar >> 31) & Q;
-  return ar;
-}
-module.exports = {
-  montgomeryReduce,
-  reduce32,
-  cAddQ,
-};

package/src/rounding.js DELETED Viewed

@@ -1,42 +0,0 @@
-const { D, GAMMA2, Q } = require('./const.js');
-function power2round(a0p, i, a) {
-  const a0 = a0p;
-  const a1 = (a + (1 << (D - 1)) - 1) >> D;
-  a0[i] = a - (a1 << D);
-  return a1;
-}
-function decompose(a0p, i, a) {
-  const a0 = a0p;
-  let a1 = (a + 127) >> 7;
-  a1 = (a1 * 1025 + (1 << 21)) >> 22;
-  a1 &= 15;
-  a0[i] = a - a1 * 2 * GAMMA2;
-  a0[i] -= (((Q - 1) / 2 - a0[i]) >> 31) & Q;
-  return a1;
-}
-function makeHint(a0, a1) {
-  if (a0 > GAMMA2 || a0 < -GAMMA2 || (a0 === -GAMMA2 && a1 !== 0)) return 1;
-  return 0;
-}
-function useHint(a, hint) {
-  const a0 = new Int32Array(1);
-  const a1 = decompose(a0, 0, a);
-  if (hint === 0) return a1;
-  if (a0[0] > 0) return (a1 + 1) & 15;
-  return (a1 - 1) & 15;
-}
-module.exports = {
-  power2round,
-  decompose,
-  makeHint,
-  useHint,
-};

package/src/sign.js DELETED Viewed

@@ -1,330 +0,0 @@
-const randomBytes = require('randombytes'); // eslint-disable-line import/no-extraneous-dependencies
-const { SHAKE } = require('sha3'); // eslint-disable-line import/no-extraneous-dependencies
-const {
-  PolyVecK,
-  polyVecKAdd,
-  polyVecKCAddQ,
-  polyVecKChkNorm,
-  polyVecKDecompose,
-  polyVecKInvNTTToMont,
-  polyVecKMakeHint,
-  polyVecKNTT,
-  polyVecKPackW1,
-  polyVecKPointWisePolyMontgomery,
-  polyVecKPower2round,
-  polyVecKReduce,
-  polyVecKShiftL,
-  polyVecKSub,
-  polyVecKUniformEta,
-  polyVecKUseHint,
-  PolyVecL,
-  polyVecLAdd,
-  polyVecLChkNorm,
-  polyVecLInvNTTToMont,
-  polyVecLNTT,
-  polyVecLPointWisePolyMontgomery,
-  polyVecLReduce,
-  polyVecLUniformEta,
-  polyVecLUniformGamma1,
-  polyVecMatrixExpand,
-  polyVecMatrixPointWiseMontgomery,
-} = require('./polyvec.js');
-const {
-  BETA,
-  CRHBytes,
-  CryptoBytes,
-  CryptoPublicKeyBytes,
-  CryptoSecretKeyBytes,
-  GAMMA1,
-  GAMMA2,
-  K,
-  L,
-  OMEGA,
-  PolyW1PackedBytes,
-  SeedBytes,
-} = require('./const.js');
-const { Poly, polyChallenge, polyNTT } = require('./poly.js');
-const { packPk, packSig, packSk, unpackPk, unpackSig, unpackSk } = require('./packing.js');
-function cryptoSignKeypair(passedSeed, pk, sk) {
-  try {
-    if (pk.length !== CryptoPublicKeyBytes) {
-      throw new Error(`invalid pk length ${pk.length} | Expected length ${CryptoPublicKeyBytes}`);
-    }
-    if (sk.length !== CryptoSecretKeyBytes) {
-      throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
-    }
-  } catch (e) {
-    if (e instanceof TypeError) {
-      throw new Error(`pk/sk cannot be null`);
-    } else {
-      throw new Error(`${e.message}`);
-    }
-  }
-  // eslint-disable-next-line no-unused-vars
-  const mat = new Array(K).fill().map((_) => new PolyVecL());
-  const s1 = new PolyVecL();
-  const s2 = new PolyVecK();
-  const t1 = new PolyVecK();
-  const t0 = new PolyVecK();
-  // Get randomness for rho, rhoPrime and key
-  const seed = passedSeed || randomBytes(SeedBytes);
-  const state = new SHAKE(256);
-  let outputLength = 2 * SeedBytes + CRHBytes;
-  state.update(seed);
-  const seedBuf = state.digest({ buffer: Buffer.alloc(outputLength) });
-  const rho = seedBuf.slice(0, SeedBytes);
-  const rhoPrime = seedBuf.slice(SeedBytes, SeedBytes + CRHBytes);
-  const key = seedBuf.slice(SeedBytes + CRHBytes);
-  // Expand matrix
-  polyVecMatrixExpand(mat, rho);
-  // Sample short vectors s1 and s2
-  polyVecLUniformEta(s1, rhoPrime, 0);
-  polyVecKUniformEta(s2, rhoPrime, L);
-  // Matrix-vector multiplication
-  const s1hat = new PolyVecL();
-  s1hat.copy(s1);
-  polyVecLNTT(s1hat);
-  polyVecMatrixPointWiseMontgomery(t1, mat, s1hat);
-  polyVecKReduce(t1);
-  polyVecKInvNTTToMont(t1);
-  // Add error vector s2
-  polyVecKAdd(t1, t1, s2);
-  // Extract t1 and write public key
-  polyVecKCAddQ(t1);
-  polyVecKPower2round(t1, t0, t1);
-  packPk(pk, rho, t1);
-  // Compute H(rho, t1) and write secret key
-  const hasher = new SHAKE(256);
-  outputLength = SeedBytes;
-  hasher.update(Buffer.from(pk, 'hex'));
-  const tr = new Uint8Array(hasher.digest());
-  packSk(sk, rho, tr, key, t0, s1, s2);
-  return seed;
-}
-function cryptoSignSignature(sig, m, sk, randomizedSigning) {
-  if (sk.length !== CryptoSecretKeyBytes) {
-    throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
-  }
-  const rho = new Uint8Array(SeedBytes);
-  const tr = new Uint8Array(SeedBytes);
-  const key = new Uint8Array(SeedBytes);
-  let rhoPrime = new Uint8Array(CRHBytes);
-  let nonce = 0;
-  let state = null;
-  const mat = Array(K)
-    .fill()
-    // eslint-disable-next-line no-unused-vars
-    .map((_) => new PolyVecL());
-  const s1 = new PolyVecL();
-  const y = new PolyVecL();
-  const z = new PolyVecL();
-  const t0 = new PolyVecK();
-  const s2 = new PolyVecK();
-  const w1 = new PolyVecK();
-  const w0 = new PolyVecK();
-  const h = new PolyVecK();
-  const cp = new Poly();
-  unpackSk(rho, tr, key, t0, s1, s2, sk);
-  state = new SHAKE(256);
-  let outputLength = CRHBytes;
-  state.update(Buffer.from(tr, 'hex'));
-  state.update(Buffer.from(m, 'hex'));
-  const mu = new Uint8Array(state.digest({ buffer: Buffer.alloc(outputLength) }));
-  if (randomizedSigning) rhoPrime = new Uint8Array(randomBytes(CRHBytes));
-  else {
-    state = new SHAKE(256);
-    outputLength = CRHBytes;
-    state.update(Buffer.from(key, 'hex'));
-    state.update(Buffer.from(mu, 'hex'));
-    rhoPrime.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
-  }
-  polyVecMatrixExpand(mat, rho);
-  polyVecLNTT(s1);
-  polyVecKNTT(s2);
-  polyVecKNTT(t0);
-  // eslint-disable-next-line no-constant-condition
-  while (true) {
-    polyVecLUniformGamma1(y, rhoPrime, nonce++);
-    // Matrix-vector multiplication
-    z.copy(y);
-    polyVecLNTT(z);
-    polyVecMatrixPointWiseMontgomery(w1, mat, z);
-    polyVecKReduce(w1);
-    polyVecKInvNTTToMont(w1);
-    // Decompose w and call the random oracle
-    polyVecKCAddQ(w1);
-    polyVecKDecompose(w1, w0, w1);
-    polyVecKPackW1(sig, w1);
-    state = new SHAKE(256);
-    outputLength = SeedBytes;
-    state.update(Buffer.from(mu, 'hex'));
-    state.update(Buffer.from(sig.slice(0, K * PolyW1PackedBytes)), 'hex');
-    sig.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
-    polyChallenge(cp, sig);
-    polyNTT(cp);
-    // Compute z, reject if it reveals secret
-    polyVecLPointWisePolyMontgomery(z, cp, s1);
-    polyVecLInvNTTToMont(z);
-    polyVecLAdd(z, z, y);
-    polyVecLReduce(z);
-    if (polyVecLChkNorm(z, GAMMA1 - BETA) !== 0) {
-      continue;
-    }
-    polyVecKPointWisePolyMontgomery(h, cp, s2);
-    polyVecKInvNTTToMont(h);
-    polyVecKSub(w0, w0, h);
-    polyVecKReduce(w0);
-    if (polyVecKChkNorm(w0, GAMMA2 - BETA) !== 0) {
-      continue;
-    }
-    polyVecKPointWisePolyMontgomery(h, cp, t0);
-    polyVecKInvNTTToMont(h);
-    polyVecKReduce(h);
-    if (polyVecKChkNorm(h, GAMMA2) !== 0) {
-      continue;
-    }
-    polyVecKAdd(w0, w0, h);
-    const n = polyVecKMakeHint(h, w0, w1);
-    if (n > OMEGA) {
-      continue;
-    }
-    packSig(sig, sig, z, h);
-    return 0;
-  }
-}
-function cryptoSign(msg, sk, randomizedSigning) {
-  const sm = new Uint8Array(CryptoBytes + msg.length);
-  const mLen = msg.length;
-  for (let i = 0; i < mLen; ++i) {
-    sm[CryptoBytes + mLen - 1 - i] = msg[mLen - 1 - i];
-  }
-  const result = cryptoSignSignature(sm, msg, sk, randomizedSigning);
-  if (result !== 0) {
-    throw new Error('failed to sign');
-  }
-  return sm;
-}
-function cryptoSignVerify(sig, m, pk) {
-  let i;
-  const buf = new Uint8Array(K * PolyW1PackedBytes);
-  const rho = new Uint8Array(SeedBytes);
-  const mu = new Uint8Array(CRHBytes);
-  const c = new Uint8Array(SeedBytes);
-  const c2 = new Uint8Array(SeedBytes);
-  const cp = new Poly();
-  // eslint-disable-next-line no-unused-vars
-  const mat = new Array(K).fill().map((_) => new PolyVecL());
-  const z = new PolyVecL();
-  const t1 = new PolyVecK();
-  const w1 = new PolyVecK();
-  const h = new PolyVecK();
-  if (sig.length !== CryptoBytes) {
-    return false;
-  }
-  if (pk.length !== CryptoPublicKeyBytes) {
-    return false;
-  }
-  unpackPk(rho, t1, pk);
-  if (unpackSig(c, z, h, sig)) {
-    return false;
-  }
-  if (polyVecLChkNorm(z, GAMMA1 - BETA)) {
-    return false;
-  }
-  /* Compute CRH(H(rho, t1), msg) */
-  let state = new SHAKE(256);
-  let outputLength = SeedBytes;
-  state.update(pk.slice(0, CryptoPublicKeyBytes));
-  mu.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
-  state = new SHAKE(256);
-  outputLength = CRHBytes;
-  state.update(Buffer.from(mu.slice(0, SeedBytes), 'hex'));
-  state.update(Buffer.from(m, 'hex'));
-  mu.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
-  /* Matrix-vector multiplication; compute Az - c2^dt1 */
-  polyChallenge(cp, c);
-  polyVecMatrixExpand(mat, rho);
-  polyVecLNTT(z);
-  polyVecMatrixPointWiseMontgomery(w1, mat, z);
-  polyNTT(cp);
-  polyVecKShiftL(t1);
-  polyVecKNTT(t1);
-  polyVecKPointWisePolyMontgomery(t1, cp, t1);
-  polyVecKSub(w1, w1, t1);
-  polyVecKReduce(w1);
-  polyVecKInvNTTToMont(w1);
-  /* Reconstruct w1 */
-  polyVecKCAddQ(w1);
-  polyVecKUseHint(w1, w1, h);
-  polyVecKPackW1(buf, w1);
-  /* Call random oracle and verify challenge */
-  state = new SHAKE(256);
-  outputLength = SeedBytes;
-  state.update(Buffer.from(mu, 'hex'));
-  state.update(Buffer.from(buf, 'hex'));
-  c2.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
-  for (i = 0; i < SeedBytes; ++i) if (c[i] !== c2[i]) return false;
-  return true;
-}
-function cryptoSignOpen(sm, pk) {
-  if (sm.length < CryptoBytes) {
-    return undefined;
-  }
-  const sig = sm.slice(0, CryptoBytes);
-  const msg = sm.slice(CryptoBytes);
-  if (!cryptoSignVerify(sig, msg, pk)) {
-    return undefined;
-  }
-  return msg;
-}
-module.exports = {
-  cryptoSignKeypair,
-  cryptoSignSignature,
-  cryptoSign,
-  cryptoSignVerify,
-  cryptoSignOpen,
-};

package/src/symmetric-shake.js DELETED Viewed

@@ -1,42 +0,0 @@
-const {
-  shake128Absorb,
-  shake128Finalize,
-  shake128Init,
-  shake256Absorb,
-  shake256Finalize,
-  shake256Init,
-} = require('./fips202.js');
-const { CRHBytes, SeedBytes } = require('./const.js');
-function dilithiumShake128StreamInit(state, seed, nonce) {
-  if (seed.length !== SeedBytes) {
-    throw new Error(`invalid seed length ${seed.length} | expected ${SeedBytes}`);
-  }
-  const t = new Uint8Array(2);
-  t[0] = nonce & 0xff;
-  t[1] = nonce >> 8;
-  shake128Init(state);
-  shake128Absorb(state, seed);
-  shake128Absorb(state, t);
-  shake128Finalize(state);
-}
-function dilithiumShake256StreamInit(state, seed, nonce) {
-  if (seed.length !== CRHBytes) {
-    throw new Error(`invalid seed length ${seed.length} | expected ${CRHBytes}`);
-  }
-  const t = new Uint8Array(2);
-  t[0] = nonce & 0xff;
-  t[1] = nonce >> 8;
-  shake256Init(state);
-  shake256Absorb(state, seed);
-  shake256Absorb(state, t);
-  shake256Finalize(state);
-}
-module.exports = {
-  dilithiumShake128StreamInit,
-  dilithiumShake256StreamInit,
-};